Lapsus$: Hackers claim source code was stolen from Microsoft

The notorious hacker group Lapsus$ claims to have captured source code from Microsoft. However, Windows does not appear to be affected.

After Samsung and Nvidia, among others, it seems that Microsoft has now also caught on. According to the US IT security portal Bleeping Computer, the well-known and almost notorious hacker group Lapsus$ claims that it has captured source code from Microsoft. It should be source code from Bing, Cortana and other projects. Lapsus$ claims to have stolen this data from Microsoft’s internal Azure DevOps servers.

The hackers published a screenshot on their Telegram channel on Sunday morning, which is said to show the stolen source code packages on the Azure DevOps servers. Then, Monday night, the hackers uploaded a 9GB 7Zip archive to a file-sharing network. According to Bleeping Computer, this should contain the source code of over 250 Microsoft projects. Lapsus$ claims that the 7Zip archive contains 90 percent of the Bing source code and about 45 percent of the Bing Maps and Cortana code. According to Bleeping Computer, the archive contains 37 GB of Microsoft source code.

No Windows code

Security researchers who looked at the leaked files told Bleepingcomputer that it appears to be genuine Microsoft internal source code. Emails and documentation used by Microsoft developers to publish mobile applications should also be included. The projects seem to be web-based infrastructures, websites or mobile applications. Source code for Microsoft desktop software, primarily Windows, Windows Server and Microsoft Office, is not included in the leak.

Microsoft confirms investigation

Microsoft told Bleepingcomputer that it would investigate the incident. Also to an editor at IT news site The Verge

Microsoft that it is investigating the hacker group’s claim.

The key question is still unanswered: How did the hackers get the data? According to Bleepingcomputer, security experts suspect that the hackers paid Microsoft employees to get the data. In line with this, Lapsus$ is specifically looking for employees of large IT companies such as Microsoft, Apple, EA or IBM in order to pay them for information.

Samsung hacked: Explosive data on Galaxy devices leaked

Cybersecurity incident confirmed at Ubisoft

Nvidia data theft: hackers set an ultimatum until Friday – or all data will be leaked

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button